package com.itqf.controller;

import com.itqf.entity.SysUsers;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;


/**
	
 * @Description:
 * @Company: 千锋互联
 * @Author: 李丽婷
 * @Date: 2020/10/14
 * @Time: 上午11:28
 */
@Controller
public class MyControlelr {

    @RequestMapping("/doLogin")
    public  String  doLogin(String  username,String  password,boolean rememberMe){
	     //登录逻辑
        System.out.println("登录");
//        if("admin".equals(username)){
//
//        }
        //shiro 认证
        //1,shiro的核心组件Subject
        Subject subject = SecurityUtils.getSubject();
        //2,把用户输入的用户名和密码封装成UsernamePasswordToken对象

        password = new Md5Hash(password,username,1024).toString();
        UsernamePasswordToken token = new UsernamePasswordToken(username,password);
        // 记住我
        System.out.println(username+"password:"+password+"--"+rememberMe);
        if (rememberMe){
            token.setRememberMe(true);//记住我
        }
        //3.登录
        subject.login(token);//查找realm  执行认证方法

        SysUsers users = (SysUsers) SecurityUtils.getSubject().getPrincipal();

        //使用session
        subject.getSession().setAttribute("u",users);

        System.out.println(subject.isAuthenticated()?"登录成功":"登录失败");
        return  "success";

    }

    @RequestMapping("/deleteMenu")

    //{"admin","test"}  默认and  具有两个角色才能访问
    //logical = Logical.OR  或者，只具有其中一个角色就能访问
    @RequiresRoles(value = {"管理员","测试工程师"},logical = Logical.OR)//具有admin  角色为能访问该方法
    public   String  test1(){
        System.out.println("test1");
        return  "success";
    }
    @RequestMapping("/deleteUser")
    //Subject does not have permission [sys:menu:del]
    @RequiresPermissions("sys:user:del")
    public   String  test2(){//具有 sys:menu:del  权限能访问该方法
        System.out.println("test2");

        return  "success";
    }

    @RequestMapping("/addMenu")
    // perms.add("sys:menu:add");
    @RequiresPermissions("sys:menu:add")
    public   String  add(){//具有 sys:menu:add  权限能访问该方法
        System.out.println("test3");

        return  "success";
    }



    @RequestMapping("/delete")
    @RequiresRoles("admin")
    public    String   delete(){
        return  "success";
    }


}
